The Solution Crowd

kippy - performance management ... made simple

kippy is a flexible strategy and performance management system, hosted in the cloud. The service offered includes configuration of the system to suit the specific business needs of your organisation.


  • Track KPIs and Projects by objective - at various frequencies.
  • Cascade strategy with real-time org-wide drill-down reporting.
  • One-click Cloud deploy. Self-service set up, customisation, management, governance
  • Approval workflows, automated change freezes and exemptions
  • Self-managed role-based user management. Every action audited.
  • Voice-controlled Virtual Assistant, chat with colleagues, pre-integrated to Slack
  • Analyze trends, bulk import, Live chat support.
  • Secure RESTFUL JSON APIs to integrate with your systems
  • Secure, encrypted, audited, backed-up, highly available. Export on demand.
  • Mobile responsive. Cross-browser. Cross-device.


  • One-stop view of your entire organisation.
  • Executive dashboards ready to present live views for board-level reviews
  • Track KPIs and Projects by objectives – vertically and horizontally
  • ​Check waste vs value - at the right frequency
  • ​Drive strategy down to every team
  • Get started with one-click for your very own instance
  • Self set-up Kippy with your performance strategy
  • ​Data integrity at all-levels, enforced by default
  • Easy to use, intuitive to learn. No training required
  • ​Free trial and monthly pricing. Go-live within a week.


£7.33 a user

Service documents


G-Cloud 12

Service ID

8 8 5 8 7 8 6 4 9 9 7 9 2 7 8


The Solution Crowd nauman khan
Telephone: 07969453723

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Google Chrome or IE11+ web browser with Javascript enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity 1 1 hour
Severity 2 8 hours
Severity 3 48 hours

Monday to Friday. 9am to 5pm.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat accessibility testing
Web chat provided by 3rd party.
Onsite support
Yes, at extra cost
Support levels
A technical account manager is provided.

All plans include LIVE CHAT support - which allows you to talk directly to a real person, directly from a pop-up window whilst using Kippy.

Free users will be directed to the extensive how-to-videos and online user guides.

Professional Plan users will be able to ask questions on how to use the various Kippy features via the online chat.

Enterprise Plan users will also be able to use our dedicated resource to get set up, import existing KPI data and access to our network of consultancy partners to help your end-to-end performance management objectives.

Enterprise Support Plan costs 10,000 (GBP) per annum
Support available to third parties

Onboarding and offboarding

Getting started
Kippy is an intuitive product which can be self-learned. There is extensive user documentation on the website in the form of manuals, faqs, how to and getting started videos.

Online training is provided once a month for new users. On-site training is available.

A technical integrator is provided to help configure the system initially with your existing data,

A network of partners pre-trained in the kippy methodology is also available to help identify your objectives, kpis and project milestones - and upload them into kippy.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All the users data is available to the user via the web APIs at any time.

All kippy data is regularly backed up. However, users are also encouraged to take extracts of their data for backups or local integrations as often as they choose.
End-of-contract process
If you wish to terminate your contract, there are no additional costs. A data export is made available free of charge, and all data is then removed from our systems.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Kippy is mobile responsive and is fully functional on mobile phones and tablets. However, the interface is primarily intended to be used on desktops and laptops.
Service interface
Description of service interface
The service interface is part of the application but only available to users with the appropriate role.

The interface allows the user to self-serve any maintenance activities - including adding, renaming, deleting, moving all data objects.

All activities are fully audited and follow governance rules to ensure system integrity.

The service interface is only available to the appropriate system user, who can
- view the audit log to be viewed
- bulk import existing KPI data
- delete users from the system
Accessibility standards
None or don’t know
Description of accessibility
The service interface is part of the rest of the kippy application and behaves the same way.
Accessibility testing
Tested with JAWS screen reader and Pa11y.
What users can and can't do using the API
Appropriate users can interact with kippy using the secure REST/JSON APIs.

The service can also be set up by uploading existing information in bulk.

Performance data can be updated via the APIs to allow integration with in-house systems.

ALL user-entered data and calculated performance scores can be retrieved via the APIs.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Kippy takes an opinionated view of strategy and performance management, based on a mature and proven methodology to simplify implementations and ensure success.

Within this structure, the system is almost entirely customizable so the user can define:
- teams to model their org structure
- mission, vision, values, perspectives, objectives, kpis, project and milestones
- users, their roles and access permissions per team
- communities of interests to collaborate on cross-cutting groups of KPIs
- change freezes and exemption windows for KPI submissions
- board colours, logos, avatars, etc.

The service is fully customisable by the user with the appropriate role using just the user interface.


Independence of resources
Kippy is designed to ensure there is practically no impact across users because:
- most complex operations are done in the client's browser and not on the kippy servers.
- sophisticated caching refreshes in low-priority background jobs
- sophisticated auto scaling-up of under-lying resource to over 1000 times typical load (which auto scales-down to reduce cost)


Service usage metrics
Metrics types
Registered users
User logins
KPIs and Projects created
Scores Submitted
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can call kippy's secure web APIs (with the appropriate authentication credentials) to extract all their current and historical data in JSON format.
Data export formats
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel template to collect and bulk upload existing info.
  • Updates can be submitted using RESTFUL/JSON web API calls

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Severity 1 Production system is down, impacting ability to log in to application or view any pre-populated data.
Severity 2 Production system is degraded, but operational. Issue affects essential functions such as some dashboards and/or reports; ability to submit new scores to existing KPI and Project definitions.
Severity 3 Product system performance is degraded to become erroneous or unusable. Issue affects non-essential functions such as changes to KPI and Project definitions and forecasts. Admin functions – including Maintenance of Users, Teams, Perspectives, Objectives, KPIs, Projects, Milestones, Unlocking plans and actuals and all Slack features. Some data or scoring is missing or erroneous. General product questions relating to feature issues, integration or documentation.

Description Resolution Time Measure
Severity 1 12 hours 100%
Severity 2 24 hours 95%
within 48 hours 100%
Severity 3 48 hours 90%
within 1 week 100%

Annual licenses are refunded pro-rata on request.
Approach to resilience
Multi-availability zone replication
Automated testing
Canary releases
Production Monitoring

More details available on request.
Outage reporting
Public status page

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
There are two options available for authentication a) "Username and password" and/or b) "via integration to Slack".

Using authentication via Slack, users are able to leverage all Slack login features including 2-factor authentication and identity federation.

As system owner, you can decide and self-service the authentication mechanism appropriate for your needs.

All communication is via TLS.
Access restrictions in management interfaces and support channels
Role-based access restricts management interface access.
This is further controlled hierarchically by Team in your organisation.
Only your user that initialises the kippy instance (with the 'system owner' role), can request certain restricted commercial features from support e.g. billing, leaving, retrieving backups, etc.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security governance has been designed and is executed from the ground up at all layers. This follows best practices from our Architecture team based on decades of experience architecting and developing large business critical national and global systems.

We are happy to attain formal ISO/IEC accreditations when/if they are requested.
Information security policies and processes
A primary tenant of our offering is that "We will not share you information with anyone ... ever". All data and access controls for your data are for you to self-manage. Therefore, we can avoid ever needing to interfere with your own security policies.

We are happy to attain formal ISO/IEC accreditations when/if required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All configuration is managed with Infrastructure as code (IaaC) principles.
All code is managed in a private GitHub repository.
All changes are reviewed with a formal Architecture design process with formal design documents.
All builds and releases are tracked in the CI/CD pipelines.
All releases are security and vulnerability scanned.
Change management processes ensure all releases are a) released outside of business hours b) tested in a Stage production-like environment and c) canary-released before full roll out.
API iteration is tracked through semantic versioning.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Each release is scanned using Google Cloud Web Security Scanner.
Security fixes are given highest priority by the in-house development team.
Patches can be deployed via the CI/CD pipelines within a minute.
CVE & NVD databases.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Automated alerts and daily manual monitoring.
Immediate response - security is a fundamental tenant of the offering.
Incident management type
Supplier-defined controls
Incident management approach
Users can raise incidents via support directly from the app, or via email.
Processes for common incidents identified via ITIL problem management methodologies.

Description Resolution Time Measure
Provision of a Root Cause Analysis (RCA) report for Severity 1 incidents within 5 days 90%
within 8 hours 100%
A documented Incident Report to be submitted to the Authority for Severity 1 Incidents within 5 days of incident resolution 100%

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£7.33 a user
Discount for educational organisations
Free trial available
Description of free trial
All features are included in the free version - no time limit.
Free tier users can contact kippy support - SLAs not guaranteed for Free users - online resources available for all.
Users can initially register for Free version and upgrade when Support needed.
Link to free trial

Service documents